CVE-2005-1375

Properties

Published: 02.05.2005
Updated: 28.08.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product: Claroline: Claroline

Vulnerability description

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

References:

CONFIRM: http://www.claroline.net/news.php#85
BID: http://www.securityfocus.com/bid/13407
SECTRACK: http://securitytracker.com/id?1013822
SECUNIA: http://secunia.com/advisories/15161
XF: http://xforce.iss.net/xforce/xfdb/20298
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111464607103407&w=2
SECUNIA: http://secunia.com/advisories/15725